-
Notifications
You must be signed in to change notification settings - Fork 3.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[shared storage] Support cross-origin worklet
For the sharedStorage.createWorklet() API, relax the same-origin restriction to allow cross-origin script, in which case a cross-origin worklet will be created. How: - Rely on CORS for the worklet to be loaded/used by the embedder. - Leverage the existing process allocation and management logic from service workers and directly re-use SiteInstanceImpl::CreateForServiceWorker(). To keep this CL focused, renaming will occur in a separate CL, as it will involve renaming other downstream components like 'UnmatchedServiceWorkerProcessTracker'. Explainer: WICG/shared-storage#130 Spec: WICG/shared-storage#131 Design doc: https://docs.google.com/document/d/1QTaaroCMeFVZVghI6JkUcDvmDQEacjvpyTfk6mpvQhA/edit?usp=sharing Bug: 325302836 Change-Id: I11c1fc87bc76f4400c54d9fa809349d1d1781247
- Loading branch information
1 parent
616d362
commit 01f734f
Showing
6 changed files
with
166 additions
and
0 deletions.
There are no files selected for viewing
35 changes: 35 additions & 0 deletions
35
shared-storage/cross-origin-create-worklet-credentials-include.tentative.https.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
<!doctype html> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/utils.js"></script> | ||
<script src="/shared-storage/resources/util.js"></script> | ||
<script src="/fenced-frame/resources/utils.js"></script> | ||
|
||
<body> | ||
<script> | ||
'use strict'; | ||
|
||
promise_test(async () => { | ||
const ancestor_key = token(); | ||
document.cookie = "key0=value0"; | ||
const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}'; | ||
const helper_url = crossOrigin + | ||
`/shared-storage/resources/credentials-test-helper.py` + | ||
`?access_control_allow_origin_header=${window.origin}` + | ||
`&access_control_allow_credentials_header=true` + | ||
`&token=${ancestor_key}`; | ||
|
||
const worklet = await sharedStorage.createWorklet( | ||
helper_url + `&action=store-cookie`, | ||
{ credentials: "include" }); | ||
|
||
const request_cookie_fetch_response = | ||
await fetch(helper_url + `&action=get-cookie`); | ||
|
||
const request_cookie_text = await request_cookie_fetch_response.text(); | ||
|
||
assert_equals(request_cookie_text, "NO_COOKIE_HEADER"); | ||
}, 'createWorklet() with cross-origin module script and credentials "include"'); | ||
|
||
</script> | ||
</body> |
34 changes: 34 additions & 0 deletions
34
shared-storage/cross-origin-create-worklet-credentials-omit.tentative.https.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
<!doctype html> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/utils.js"></script> | ||
<script src="/shared-storage/resources/util.js"></script> | ||
<script src="/fenced-frame/resources/utils.js"></script> | ||
|
||
<body> | ||
<script> | ||
'use strict'; | ||
|
||
promise_test(async () => { | ||
const ancestor_key = token(); | ||
document.cookie = "key0=value0"; | ||
const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}'; | ||
const helper_url = crossOrigin + | ||
`/shared-storage/resources/credentials-test-helper.py` + | ||
`?access_control_allow_origin_header=${window.origin}` + | ||
`&token=${ancestor_key}`; | ||
|
||
const worklet = await sharedStorage.createWorklet( | ||
helper_url + `&action=store-cookie`, | ||
{ credentials: "omit" }); | ||
|
||
const request_cookie_fetch_response = | ||
await fetch(helper_url + `&action=get-cookie`); | ||
|
||
const request_cookie_text = await request_cookie_fetch_response.text(); | ||
|
||
assert_equals(request_cookie_text, "NO_COOKIE_HEADER"); | ||
}, 'createWorklet() with cross-origin module script and credentials "omit"'); | ||
|
||
</script> | ||
</body> |
34 changes: 34 additions & 0 deletions
34
shared-storage/cross-origin-create-worklet-credentials-same-origin.tentative.https.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
<!doctype html> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/utils.js"></script> | ||
<script src="/shared-storage/resources/util.js"></script> | ||
<script src="/fenced-frame/resources/utils.js"></script> | ||
|
||
<body> | ||
<script> | ||
'use strict'; | ||
|
||
promise_test(async () => { | ||
const ancestor_key = token(); | ||
document.cookie = "key0=value0"; | ||
const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}'; | ||
const helper_url = crossOrigin + | ||
`/shared-storage/resources/credentials-test-helper.py` + | ||
`?access_control_allow_origin_header=${window.origin}` + | ||
`&token=${ancestor_key}`; | ||
|
||
const worklet = await sharedStorage.createWorklet( | ||
helper_url + `&action=store-cookie`, | ||
{ credentials: "same-origin" }); | ||
|
||
const request_cookie_fetch_response = | ||
await fetch(helper_url + `&action=get-cookie`); | ||
|
||
const request_cookie_text = await request_cookie_fetch_response.text(); | ||
|
||
assert_equals(request_cookie_text, "NO_COOKIE_HEADER"); | ||
}, 'createWorklet() with cross-origin module script and credentials "same-origin"'); | ||
|
||
</script> | ||
</body> |
29 changes: 29 additions & 0 deletions
29
...-create-worklet-failure-missing-access-control-allow-credentials.tentative.https.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
<!doctype html> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/utils.js"></script> | ||
<script src="/shared-storage/resources/util.js"></script> | ||
<script src="/fenced-frame/resources/utils.js"></script> | ||
|
||
<body> | ||
<script> | ||
'use strict'; | ||
|
||
promise_test(async t => { | ||
const ancestor_key = token(); | ||
const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}'; | ||
const helper_url = crossOrigin + | ||
`/shared-storage/resources/credentials-test-helper.py` + | ||
`?access_control_allow_origin_header=${window.origin}` + | ||
`&token=${ancestor_key}`; | ||
|
||
return promise_rejects_dom(t, "OperationError", | ||
sharedStorage.createWorklet( | ||
helper_url + `&action=store-cookie`, | ||
{ credentials: "include" })); | ||
}, 'createWorklet() with cross-origin module script and credentials ' + | ||
'"include", and without the Access-Control-Allow-Credentials response ' + | ||
'header'); | ||
|
||
</script> | ||
</body> |
28 changes: 28 additions & 0 deletions
28
...rigin-create-worklet-failure-missing-access-control-allow-origin.tentative.https.sub.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
<!doctype html> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="/resources/testharnessreport.js"></script> | ||
<script src="/common/utils.js"></script> | ||
<script src="/shared-storage/resources/util.js"></script> | ||
<script src="/fenced-frame/resources/utils.js"></script> | ||
|
||
<body> | ||
<script> | ||
'use strict'; | ||
|
||
promise_test(async t => { | ||
const ancestor_key = token(); | ||
const crossOrigin = 'https://{{domains[www]}}:{{ports[https][0]}}'; | ||
const helper_url = crossOrigin + | ||
`/shared-storage/resources/credentials-test-helper.py` + | ||
`&access_control_allow_credentials_header=true` + | ||
`&token=${ancestor_key}`; | ||
|
||
return promise_rejects_dom(t, "OperationError", | ||
sharedStorage.createWorklet( | ||
helper_url + `&action=store-cookie`, | ||
{ credentials: "include" })); | ||
}, 'createWorklet() with cross-origin module script and credentials ' + | ||
'"include", and without the Access-Control-Allow-Origin response header'); | ||
|
||
</script> | ||
</body> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters